Research Of The Technologies Of Detection Of Multi-stage Attack Based On The Feedback Control Mechansim

The Ddos and Trojan Horse are the typical multi-stage attack, but the detection oriented to these attack only detect at the sigle stage, not consider the character of these attack. The detection and defense of this attack meet more challenges when the technique of the attack make a great progress. But the methods of detection and defense we used can't solve the new problem. So it is a challenges issue that how to detect and defend the complex multi-stage attack.Aimed at the current problems existed in the detection and defense of this attack, this paper proposes a prototype based on the feedback control mechanism. The main work of this paper is as follows:1. Analysed and compared the problem of the method of existed detection and defense of multi-stage attack based on deep researches, pointed out the ubiquitous problems existed in the method of detection and defense.2. On the basis study of the feedback control mechanism, discussed the combination of the feedback control mechanism and intrusion defense system, put forward a new prototype. The prototype can relate the different stages of an multi-stage attack process, and judge the state of the protected system, finally select the optimal policy based on the judged state information. This prototype can be used in practical under appropriate conditions, and reduce the frequency of the false alarm.3.The multi-stage attack is a typical Markov process,and this paper used the property of multi-stage attack, Put forward an evaluation method aimed to evaluate the efficiency of defense of the multi-stage attack based on MDPs.It is proved that the method that we proposed have better efficiency than the normal defense technolodgy.4. On the study of the Internet Worm, realized that internet worm is a typical multi-stage attack. And proposed that countering this attack with the defense model based on feedback control mechansim that we have put forward,finally we studied the experiment data and contrasted the efficiency of the current detection method and the model we proposed,it is proved that the model we proposed is a better detection method.